|
 |
4c04d8 |
From 606b7b6a45f6e2014119d0716774323f30862e0c Mon Sep 17 00:00:00 2001
|
|
|
47a30d |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
47a30d |
Date: Fri, 2 Aug 2019 12:07:07 -0400
|
|
|
47a30d |
Subject: [PATCH] Issue 50529 - LDAP server returning PWP controls in
|
|
|
47a30d |
different sequence
|
|
|
47a30d |
|
|
|
47a30d |
Description: The server returns password policy controls in different orders
|
|
|
47a30d |
depending on the state of grace logins. The requested control,
|
|
|
47a30d |
if any, should be returned first, followed by any controls the
|
|
|
47a30d |
server might add.
|
|
|
47a30d |
|
|
|
47a30d |
relates: https://pagure.io/389-ds-base/issue/50529
|
|
|
47a30d |
|
|
|
47a30d |
Reviewed by: mreynolds (one line commit rule)
|
|
|
47a30d |
---
|
|
|
47a30d |
ldap/servers/slapd/pw_mgmt.c | 2 +-
|
|
|
47a30d |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
47a30d |
|
|
|
47a30d |
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
|
|
|
47a30d |
index befac50cd..ca76fc12f 100644
|
|
|
47a30d |
--- a/ldap/servers/slapd/pw_mgmt.c
|
|
|
47a30d |
+++ b/ldap/servers/slapd/pw_mgmt.c
|
|
|
47a30d |
@@ -207,10 +207,10 @@ skip:
|
|
|
47a30d |
|
|
|
47a30d |
/* password expired and user exceeded limit of grace attemps.
|
|
|
47a30d |
* Send result and also the control */
|
|
|
47a30d |
- slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
|
|
|
47a30d |
if (pwresponse_req) {
|
|
|
47a30d |
slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED);
|
|
|
47a30d |
}
|
|
|
47a30d |
+ slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
|
|
|
47a30d |
slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
|
|
|
47a30d |
"password expired!", 0, NULL);
|
|
|
47a30d |
|
|
|
47a30d |
--
|
|
|
4c04d8 |
2.21.0
|
|
|
47a30d |
|